member-backend

member/member-backend

Fork 0

405000ded5 feat(role): add role_code across schema and APIs master Chris 2026-04-03 15:49:22 +08:00
94cec746cb chore(env): split dev/prod env files and clarify keycloak settings Chris 2026-04-03 14:43:13 +08:00
c032020f59 chore: update backend env example Chris 2026-04-03 06:03:04 +08:00
60b34a0817 chore: update backend env example Chris 2026-04-03 05:57:02 +08:00
d2b6957013 dev: prefer .env.development in start script Chris 2026-04-03 04:51:00 +08:00
7b9915e81c update Chris 2026-04-03 04:57:22 +08:00
dc51af8c39 update Chris 2026-04-03 04:52:17 +08:00
60608fe199 Remove redundant backend production env template Chris 2026-04-03 04:33:47 +08:00
7c4364b52f Use single .env for local startup Chris 2026-04-03 04:31:58 +08:00
065f1d52f0 Stop tracking local env files Chris 2026-04-03 04:25:36 +08:00
4ae7e75a96 Ignore .venv and local build artifacts Chris 2026-04-03 04:00:17 +08:00
d430b69888 Ignore .venv and Python cache files Chris 2026-04-03 03:57:53 +08:00
ed7a0344e0 Remove legacy migration file and alias API routes Chris 2026-04-03 03:54:48 +08:00
ade60bdbaa Switch backend Docker image to Alpine multi-stage Chris 2026-04-03 03:12:19 +08:00
75cf22f7e5 Add production Dockerfile for backend deployment Chris 2026-04-03 03:11:28 +08:00
a187acf58c Switch access control from groups to realm roles Chris 2026-04-03 03:03:43 +08:00
6d6f5aa2a6 Remove duplicate internal permissions snapshot API Chris 2026-04-03 02:46:55 +08:00
73ed4ff0ff Add Redis-backed cache backend with env switch Chris 2026-04-03 02:38:54 +08:00
55e640f2fb Add in-memory read cache with CUD-based invalidation Chris 2026-04-03 02:32:38 +08:00
e912d1498e Speed up auth verification with JWKS/admin token caching Chris 2026-04-03 02:20:54 +08:00
c431fe180b Sync site-role assignments to Keycloak group role mappings Chris 2026-04-03 02:14:01 +08:00
da08bc01ec feat: allow assigning sites directly from role page Chris 2026-04-03 01:56:22 +08:00
d5418d47e7 chore: silence introspection fallback warning noise Chris 2026-04-03 01:53:35 +08:00
64246984ba refactor: simplify schema names and remove provider id columns Chris 2026-04-03 01:49:36 +08:00
e91639d6d9 perf: disable read-time sync and keep provider sync manual Chris 2026-04-03 01:23:42 +08:00
49949498e0 fix: sync role CRUD with provider client roles Chris 2026-04-03 01:17:13 +08:00
224f3d67bd fix: add provider column migration script for existing db Chris 2026-04-03 01:10:13 +08:00
388a3f461c refactor: rename idp fields to provider naming Chris 2026-04-03 01:05:01 +08:00
ce181ebf67 refactor(idp-groups): use display name as keycloak group name Chris 2026-04-03 00:53:31 +08:00
573a75b9e3 feat(sync): keycloak as source-of-truth with auto catalog sync and token refresh Chris 2026-04-03 00:46:46 +08:00
81085e1844 fix(auth): resolve admin groups via keycloak admin API when token lacks groups Chris 2026-04-03 00:28:32 +08:00
fd55d90a44 fix(auth): accept keycloak group path variants for admin guard Chris 2026-04-03 00:24:32 +08:00
0db04f9afc fix(backend): postpone annotations to avoid list() type shadowing crash Chris 2026-04-03 00:22:00 +08:00
2f92b94f59 refactor: rebuild backend around role-site authorization model Chris 2026-04-02 23:58:13 +08:00
0bc667847d refactor(keycloak): remove authentik naming and switch to keycloak-only paths Chris 2026-04-01 02:01:41 +08:00
34fc865b30 fix(auth): relax keycloak audience check and auto-redirect logged-in user Chris 2026-04-01 01:48:06 +08:00
d16722ebf8 fix(oidc): add PKCE support for keycloak login flow Chris 2026-04-01 01:43:53 +08:00
94ae0e5a7a chore(env): use member-frontend oidc client and keep member-backend admin client Chris 2026-04-01 01:30:44 +08:00
f582ef3850 chore(env): configure keycloak master client for local backend Chris 2026-04-01 01:20:46 +08:00
c7ed517ed2 feat(idp): add keycloak-first support with authentik fallback Chris 2026-04-01 00:41:38 +08:00
f6105f079d fix(login): switch frontend account login to oidc flow Chris 2026-03-31 23:43:57 +08:00
4060ebff70 refactor(identity): rename authentik_sub to user_sub and authentik_user_id to idp_user_id Chris 2026-03-31 22:32:48 +08:00
ed5679948b docs(api): add internal API contract and expose response schemas in swagger Chris 2026-03-31 22:20:24 +08:00
ce8f9342de fix(internal): return correct system_key in modules list Chris 2026-03-31 22:02:56 +08:00
85e67ae0cd refactor(internal): switch auth to api-client headers Chris 2026-03-31 21:09:18 +08:00
cf02d9ec41 fix(member): delete authentik user when removing member Chris 2026-03-31 21:01:15 +08:00
2b29a1a274 feat(admin): add delete APIs and UI actions for all admin resources Chris 2026-03-31 20:58:20 +08:00
556fc8d5cb fix(api-clients): fallback api-key hashing without argon2; show site/module parent display names Chris 2026-03-31 20:35:04 +08:00
3fe5ce4ce7 feat(admin): add api client management UI and backend CRUD/rotate endpoints Chris 2026-03-30 23:28:27 +08:00
75f9f28588 feat(members): split username/display_name, sync updates to authentik, add password reset API and refresh docs Chris 2026-03-30 22:15:41 +08:00
8ed50cdcc6 refactor(auth): use group-only admin access and remove admin api-key flow from frontend/admin routes Chris 2026-03-30 21:39:43 +08:00
0e17997e66 feat(security): enforce admin allowlist guard on admin APIs and attach bearer for admin client Chris 2026-03-30 21:25:57 +08:00
0cd863f9c2 fix(module-key): make module keys standalone MD format with system_key relation Chris 2026-03-30 20:02:17 +08:00
c4266b7da5 feat(keys): auto-generate entity keys and remove manual key input from admin create forms Chris 2026-03-30 19:52:00 +08:00
357ebad821 chore(db): rebuild init schema with drop-recreate and group-centric constraints Chris 2026-03-30 19:42:05 +08:00
61cab48fca feat(admin): implement group-centric relations and system/module/company linkage views Chris 2026-03-30 19:38:49 +08:00
35ffff1d19 feat(flow): unify member-group-permission admin workflow and docs Chris 2026-03-30 03:54:22 +08:00
cc9ad16311 feat(flow): auto-resolve authentik sub and improve admin dropdown UX Chris 2026-03-30 03:33:50 +08:00
2f97f45795 feat(admin): add edit flows for all catalogs and member authentik sync Chris 2026-03-30 03:25:53 +08:00
58ea76f8b6 fix(auth): correct userinfo endpoint fallback for authentik profile enrichment Chris 2026-03-30 03:13:29 +08:00
5cc322f783 fix: finalize unified schema and correct permission snapshot mapping Chris 2026-03-30 02:22:27 +08:00
4ea80fa748 chore: consolidate full database schema into single init_schema.sql Chris 2026-03-30 02:14:26 +08:00
602c5443ad refactor: align backend with company-site-member schema and system-level RBAC groups Chris 2026-03-30 01:59:50 +08:00
0f0b197b32 feat: add organization and member management APIs for admin and internal use Chris 2026-03-30 01:23:02 +08:00
f00b8cefaa fix: enrich me profile via userinfo and add org-member management plan Chris 2026-03-30 01:14:02 +08:00
a170f0a681 fix: switch frontend login to authentik auth-code flow Chris 2026-03-30 01:04:28 +08:00
5e46c58dd4 fix: allow login by email via authentik username resolution Chris 2026-03-30 00:54:15 +08:00
8f06f75cca feat: add username-password login flow via authentik token endpoint Chris 2026-03-30 00:52:09 +08:00
8335dc11d1 fix: enable CORS for configured frontend origins Chris 2026-03-30 00:46:02 +08:00
cb8e72ccc7 feat: configure authentik member oidc and local dev token compatibility Chris 2026-03-30 00:34:59 +08:00
06d78fbec2 chore: add local development env files and startup script Chris 2026-03-29 23:34:34 +08:00
c84d7286a1 feat: add authentik admin user sync endpoint Chris 2026-03-29 23:08:52 +08:00
2b81fd01c3 feat: add authentik jwt verification and me endpoints Chris 2026-03-29 23:06:19 +08:00
c94b790714 chore: track .env in repository Chris 2026-03-29 23:02:24 +08:00
3ca207d24a feat: bootstrap backend MVP and architecture docs Chris 2026-03-29 23:01:34 +08:00

Commit Graph Select branches Hide Pull Requests master Mono Color

Commit Graph

Select branches

Hide Pull Requests

master